Secure reception reporting
    171.
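    Granted invention patent

    Publication (announcement) number: US09338653B2

    Publication (announcement) date: 2016-05-10

    Application number: US14557273

    Application date: 2014-12-01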

    Abstract: In a first configuration, a UE receives, from a service provider, a certificate authority list. The certificate authority list is at least one of integrity protected or encrypted based on a credential known by the UE and the service provider and stored on a smartcard in the UE. The UE authenticates a server using the received certificate authority list. In a second configuration, the UE receives a user service discovery/announcement including a reception report configuration and an address of a server. The UE sends a protected reception report to the server based on the reception report configuration. In a third configuration, the UE receives a protected broadcast announcement and communicates based on the broadcast announcement. The broadcast announcement is at least one of integrity protected or encrypted based on a credential known by the UE and stored on a smartcard in the UE.

    USER-PLANE SECURITY FOR NEXT GENERATION CELLULAR NETWORKS
    172.
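    Invention application
    USER-PLANE SECURITY FOR NEXT GENERATION CELLULAR NETWORKS (status: under examination, published)

    Publication (announcement) number: US20160127897A1

    Publication (announcement) date: 2016-05-05

    Application number: US14923223

    Application date: 2015-10-26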

    Abstract: Securing user-plane data traffic between a device and a packet data network gateway (P-GW) may be accomplished at the device (e.g., chip component, client device) by obtaining, at the device, a first shared key, and obtaining, at the device, a second shared key based on the first shared key. The second shared key may be for securing user-plane data traffic during transit between the device and the P-GW. The second shared key is shared by the device and the P-GW. The data traffic may be secured based on the second shared key to produce first secured data traffic. The first secured data traffic may be sent to the P-GW via an access node. The P-GW and the access node are distinct network entities. The second shared key is unknown to the access node. The P-GW obtains the second shared key from a network entity that is distinct from the device.

    Methods, devices, and systems for detecting return oriented programming exploits
    173.
    Granted invention patent
    Methods, devices, and systems for detecting return oriented programming exploits (status: in force)

    Publication (announcement) number: US09262627B2

    Publication (announcement) date: 2016-02-16

    Application number: US14473736

    Application date: 2014-08-29

    Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

    UE-BASED NETWORK SUBSCRIPTION MANAGEMENT
    174.
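    Invention application
    UE-BASED NETWORK SUBSCRIPTION MANAGEMENT (status: in force)

    Publication (announcement) number: US20160021635A1

    Publication (announcement) date: 2016-01-21

    Application number: US14596953

    Application date: 2015-01-14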

    Abstract: Methods, systems, and devices for wireless communication are described. A user equipment (UE) may obtain identification information for a device and may assist in establishing credentials by which the device accesses a wireless network. The UE may establish a connection with the wireless network using its own credentials, and register the device to access the wireless network by associating the identification information for the device with the credentials of the UE. The UE may receive or establish credentials by which the device accesses the wireless network and may communicate these credentials to the device over a local connection. In some cases, the UE may authenticate the device's identification information to determine whether the device is allowed to be registered with the wireless network.

    FEMTOCELL ACCESS CONTROL
    175.
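    Invention application
    FEMTOCELL ACCESS CONTROL (status: under examination, published)

    Publication (announcement) number: US20150289138A1

    Publication (announcement) date: 2015-10-08

    Application number: US14745266

    Application date: 2015-06-19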

    Abstract: Access by a mobile station to a femto access point (FAP) of a wireless communication system is controlled by an enforcement point in response to mobile station authorization data provided from a storage point that is remote from the FAP. The authorization data is provided in response to FAP authentication data. The authentication data may include a FAP identifier and a message authenticator that the FAP generates by hashing shared secret information. The storage point may provide the authorization data in response to determining that the message authenticator is a hash of the shared secret information.

    METHODS AND APPARATUS FOR PROVISIONING OF CREDENTIALS IN NETWORK DEPLOYMENTS
    176.
    Invention application
    METHODS AND APPARATUS FOR PROVISIONING OF CREDENTIALS IN NETWORK DEPLOYMENTS (status: in force)

    Publication (announcement) number: US20150172997A1

    Publication (announcement) date: 2015-06-18

    Application number: US14528848

    Application date: 2014-10-30

    Abstract: A method, an apparatus, and a computer program product for wireless communication in which provisioning of credentials for network deployments are provided. As such, the method, apparatus, and computer program product may provision a user equipment (UE) even though the UE does not have any valid security credentials, so as to provide access to a network (e.g., a network using a contention based frequency band such as a Long Term Evolution (LTE) Advanced network in the contention based radio frequency band). Accordingly, in some aspects, the present method, apparatus, and computer program product may enable the UE to perform a provisioning procedure with one or more network entities to obtain one or more security credential parameters.

    Enabling access to key lifetimes for wireless link setup
    177.
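    Granted invention patent
    Enabling access to key lifetimes for wireless link setup (status: in force)

    Publication (announcement) number: US08984590B2

    Publication (announcement) date: 2015-03-17

    Application number: US13670372

    Application date: 2012-11-06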

    Abstract: A particular method includes performing a bootstrapped extensible authentication protocol (EAP) re-authentication protocol (ERP) re-authentication at a mobile device after performing an EAP authentication with the access point prior to expiration of a master session key (MSK) associated with the EAP authentication. Another particular method includes performing, at an access point, a bootstrapped ERP re-authentication of a mobile device without interrupting a flow of data packets with respect to the mobile device.
